On Linux servers (especially web servers) it is recommended to create /tmp as a separate partition and mount it with the ‘noexec’ and ‘nosuid’ options. ‘noexec’ prevents any file within that filesystem from being executed directly, whatever its executable file attribute says. ‘nosuid’ makes the kernel ignore the SUID file attribute within the entire filesystem. This prevents SUID attacks on the /tmp filesystem.

WARNING: Various services such as MySQL, Postgres, Plesk and Zend use /tmp as temporary storage. You must STOP these services before carrying out the procedure below. Failing to disable these services may cause major InnoDB database corruption.

1. Stop all services including Plesk, MySQL, Apache, Postgres, SpamAssassin and any other service utilizing the /tmp file system.

2. Copy all of the files in /tmp to a holding directory:

# cp -Rp /tmp /tmp-backup

3. If /tmp is a separate partition on the server, you only need to edit /etc/fstab and add the ‘noexec’ and ‘nosuid’ options for /tmp (see step 5). Then remount the partition:

# mount -o remount /tmp

If /tmp is not a separate partition (check using ‘# df -h’) then you will need to follow steps 4 – 10 below. Otherwise, skip to step 11.
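The check in step 3 can be scripted. The following is an added example, not part of the original procedure: it reads a file in /proc/mounts or /etc/fstab format and reports whether /tmp has its own entry and whether ‘noexec’ and ‘nosuid’ are set. The function names are hypothetical and the sample mount table is constructed.

```shell
# Added example: function names are hypothetical, sample data is constructed.

# tmp_opts FILE: print the options field of the last /tmp entry in FILE
# (/proc/mounts or /etc/fstab format); print nothing if there is none.
tmp_opts() {
    awk '$1 !~ /^#/ && $2 == "/tmp" { o = $4 } END { if (o != "") print o }' "$1"
}

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_tmp FILE: print one of
#   not-separate    no /tmp entry, so /tmp lives on the / filesystem
#   missing:<list>  /tmp entry exists but lacks the listed options
#   ok              both noexec and nosuid are set
check_tmp() {
    opts=$(tmp_opts "$1")
    if [ -z "$opts" ]; then
        echo "not-separate"
        return 0
    fi
    missing=""
    for o in noexec nosuid; do
        has_opt "$opts" "$o" || missing="${missing:+$missing,}$o"
    done
    if [ -n "$missing" ]; then echo "missing:$missing"; else echo "ok"; fi
}

# Constructed sample in /proc/mounts format (not from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda3 /tmp ext4 rw,nosuid,relatime 0 0
EOF
check_tmp "$sample"   # prints: missing:noexec
rm -f "$sample"
```

On a live system, run `check_tmp /proc/mounts` to see what the kernel enforces now and `check_tmp /etc/fstab` to see what will apply after a reboot.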

4. If the /tmp directory resides on the / partition, it is better to create a new partition for /tmp, for example with a size of 1 GB: